Convert PUTTY key to OpenSSH key

In this article we will be going through the steps, HOW TO convert PPK (  PuTTY Private Key ) used in putty to OpenSSH key so we can do the key based authentication from linux work station.

We are all using different flavours of OS. Personally I prefer to use Fedora KDE in my work station. Some other prefer to use Windows, Mac as such. I believe, most people who uses Windows in their work stations are using “putty” software for connecting to linux machines. As you may know, password based authentication and key based authentication are possible. Putty uses PPK  for public key authentication to remote linux host. Some times, we want to share this private key to authorized persons in order to access the remote  host. People using different Linux distros say Ubuntu or RedHat based OS in their work station may not be using putty software for remote access rather they will be using OpenSSH client software. The same PPK used by putty cannot be used in this case. Well, instead it is better to say that we need to convert the PPK format to OpenSSH key format.

Suppose if we got a PPK file to access the server, we need to convert it to OpenSSH key format. PPK uses its own format based on SSH2 protocol. So we need to convert it into the OpenSSH format.

For this, we need to install “putty” software in our linux work station.

If we are using Debian based OS, we need to install “putty-tools” first using apt-get install command.

root@debian-based-OS:~# apt-get install putty-tools

For Redhat based system, we can install “putty” via yum.

[root@redhat-based-OS ~]# yum install putty

Once we have putty software installed on our machine, we convert the PPK to OpenSSH key using puttygen command.

For example, here I have a PPK file with me named “dev-xen-private.ppk“.

[root@infhost01- ~]# puttygen /root/dev-xen-private.ppk -O private-openssh -o /root/.ssh/dev-xen-private-id_rsa

This will convert PPK ( dev-xen-private.ppk ) to OpenSSH key ( dev-xen-private-id_rsa )

If we have secured the PPK using “pass phrase” it will be asking to enter the pass phrase while conversion. Something like as follows.

[root@infhost01- ~]# puttygen /root/dev-xen-private.ppk -O private-openssh -o /root/.ssh/dev-xen-private-id_rsa

Enter passphrase to load key:

[root@infhost01- ~]#

Done. Its simple as that! Converted key /root/.ssh/dev-xen-private-id_rsa is saved.

Now connect to remote linux machine using the converted key, we use ssh command with -i option ( identity_file )

[root@infhost01- ~]# ssh  -i /root/.ssh/dev-xen-private-id_rsa

Enter passphrase for key ‘/root/.ssh/dev-xen-private-id_rsa’ :

Last login: Mon Nov 10 10:28:47 2014 from

[root@dev-xen ~]#

We all know, private key must be kept secret and you should pick a file location that is ACCESSIBLE ONLY TO YOU. Key should be encrypted with a pass phrase for additional security. Otherwise if your key is exposed, I suggest NOT to use public key based authentication if you  really care!

Leave a Reply

Your email address will not be published. Required fields are marked *

Related Posts